Transmission Security

1 - Theory of Computer Science / Transmission Security

Transmission Security

Keeping data safe when its tucked away nicely in a server is one thing, however, data rarely stays in one place. When data is transmitted from one place to another it is vulnerable to interception therefore a whole new set of steps must be taken to ensure its safety. This page will discuss the use of encryption, firewalls, proxy servers and security protocols.

Firewalls

A firewall has an interesting name that suits its purpose perfectly. You can picture a firewall as a protective wall of fire that sits between your computer and a network / the internet. If data wishes to travel from a network into your computer it has to pass through the fire wall... if the data is deemed to be bad it is blocked / destroyed.

Of course the firewall is not really a wall of fire, it is in fact software that is designed to detect and block malicious software. So how exactly does it work?

Firewall software contains a dictionary / list of code snippets from known malware
The firewall sits between your computer and a network
When data attempts to enter your computer it will first have to interact with the firewall
The firewall analyses the data and compares its code to its dictionary of known malware
If there is a match, the firewall knows that the data is bad and blocks / deletes it. If there is no match the data is assumed safe and allowed to pass into the computer.

Important note! If a hacker alters malicious code slightly so that it no longer matches the code in a firewall dictionary, it will not be detected and will be allowed to pass straight through. Similarly, if new malware is created and a firewall is not kept up to date, the code will not exist in the dictionary and the firewall will allow it straight through. This is why it is important to regularly update your firewall!

Proxy Servers

A Proxy server can be either a software system that runs on a computer or a separate dedicated computer which acts as a middle man between one device and a network e.g. the internet.

Using a proxy server has plenty of benefits including:

Increasing web performance as frequently visited sites will be stored ready for re-use
Act as a filter for Malware
Can be used to filter / block inappropriate web content
Provides a gateway between networks
Prevents direct access to a webserver
If an attack is launched it hits the proxy server instead
Can be used to prevent DDOS
Used to direct invalid traffic away from the webserver
Can block requests from certain IP addresses

Proxy Server Diagram

The diagram below demonstrates how the proxy server will sit between a users computer and the web server. If the user decides to request a web page from the web server then the request will go through the proxy server and then when that data is returned it will also go through the proxy server thus protecting the client from possible security issues. Also, as it is the proxy server requesting your data and not the clients computer then the clients information e.g. IP address or location will be hidden.

This video made by PowereCert Animated videos provides a very nice explanation of proxy servers. Visit their page for more useful videos.

Security Protocols

A protocol is a set of rules. Security rules (Protocols) are followed when transmitting data from one place to another with the goal of maintain the safety of the data. There are three security protocols that we will look at here, these are HTTPS, SSL and TLS

HTTPS

HTTPS stands for Hyper Text Transfer Protocol SECURE it is the secure version of HTTP.

HTTP is the protocol designed to allow for access and retrieval of web pages. HTTPS is different in that it dictates that a encrypted data connection is used to transfer the data.

The use of HTTPS is increasing, it is particularly important popular for eCommerce and banking websites as people need to trust that their personal and financial details are secure at all times.

You can tell if a website is using HTTPS by looking at the URL bar. In the above image you can see both a padlock and the letters 'https' in green. Both indicate that HTTPS is being used.

SSL - Secure Socket Layer

Secure Socket Layer (SSL) is used to establish an encrypted link between a web server and a browser. This link is used to ensure that any data transmitted remains private.

When a user first visits a website, SSL will encrypt all of the data so that even if it is intercepted, it will be meaningless to the interceptor.
SSL uses asymmetric encryption to encrypt data before transmission. This means that 2 keys (Public and private) are used.

If a website URL starts with HTTPS then it is using SSL.

So how exactly does it work? Well accessing a website using SSL will follow these steps:

The user types in the desired url and presses enter
The web browser will send a request to the websites web server to request access
The web server will send a copy of its SSL certificate back to the users browser
The users web browser will attempt to authenticate the certificate. If authenticated, the browser will send a message to the web server that allows communication to begin.
The receipt of this message is acknowledged by the web server and now SSL encrypted two-way data transfer can begin.

Uses of SSL

SSL has many practical applications in the real world as security is proving to be increasingly important. These uses include:

Online shopping / payment systems
Email
Cloud based storage e.g. Google Drive
Intranet / Extranet
VPN
VOIP (Video chat)
Social media
Online gaming
Instant messaging

The video below was created by SSL.com and explains how it works.

Websites that use SSL must have a URL that begins with HTTPS

TLS - Transport Security Layer

Transport Layer Security (TLS) is an upgrade to SSL, however many sources state the the improvement is marginal. TLS was introduced in 1999 as a newer version of SSL, it was in fact based on SSL 3.0.

Just like SSL, TLS uses Asymmetric encryption.

TLS improves on SSL by separating the data carrying process from the authentication process. It does this by creating two layers:

Handshake protocol
This is used to create the secure connection between the two parties over a network. It allows the two parties to authenticate each other and to initialize the use of encryption algorithms.

Record Protocol
This part of the protocol allows for the communication between the two parties, in other words, it contains the data that is being transferred between the two parties.

Only the latest web browsers are capeable of using TLS which is why SSL is still widely used.

It is speculated that the name was changed from SSL to TLS to avoid legal issues with Netscape who originally created SSL.

Uses of TLS
The possible uses of TLS are exactly the same as the uses of SSL:

Online shopping / payment systems
Email
Cloud based storage e.g. Google Drive
Intranet / Extranet
VPN
VOIP (Video chat)
Social media
Online gaming
Instant messaging

Encryption

When data is transmitted from one point to another, it is possible for a hacker to intercept the data. If data is intercepted it can be read and used for malicious purposes.

To protect data from this sort of interception it is encrypted:

Encryption - The scrambling of data so that it is no longer in an understandable format.

Encryption terms:

Cipher text - The encrypted data / message

Plain text - The data / message before it is encrypted

Encryption - The process of converting plain text into cipher text by following a specific algorithm

Key - A sequence of numbers / characters used with the algorithm to encrypt / decrypt data.

Types of Encryption

There are two encryption techniques that we need to be aware of, these are Symmetric encryption and Asymmetric encryption.

Symmetric Encryption (Private Key)

Symmetric encryption uses one single key to both encrypt and decrypt a message or data. As the same key is used to encrypt and decrypt it is important that it is kept private hence why this is also known as 'private key' encryption.

One basic example of symmetric encryption is the Ceasar shift cipher.

The Ceasar shift cipher was in fact invented by Julius Caesar and is one of the earliest known ciphers.

How it works:

First obtain the message that you wish to encrypt, in this example our plain text is - "Bits of bytes"
The next step is to choose a key, the key is a number between one and 26 (Number of letters in the alphabet)
To encrypt you simply shift each letter of the plain text forward in the alphabet in correspondence to what number the key is
To decrypt, you shift the letters of the cipher text backwards through the alphabet in correspondence to what number the key is.

Example

Plain Text = Bits of Bytes

Key = 3

Cipher text = ELWV RI EBWV

Note that if the Shift passes Z e.g. you must shift the letter Y by three. You simply loop back to A and keep moving until you have shifted the desired amount.

Asymmetric Encryption - (Public Key)

Asymmetric encryption involves the use of two keys. One of these keys is used to encrypt the data and the other is used to decrypt it. This is much more secure than symmetric encryption as it means that you do not need to send the decryption key along with the message, meaning that is cannot be intercepted and used to decrypt the cipher text.

This video from CS Unplugged does a good job at explaining how it works:

Cracking Encryption

As with anything in computing that is aimed at making things safer, there is of course a darker element of society that wish to break it.

It is possible for encryption to be decoded without the encryption key, this process is called cryptanalysis. There are two methods of cryptanalysis, these are Brute force attack and a non brute force attack.

Brute Force Attack
A brute force attack is used when trying to determine what an encryption key is. The process works simply by trying every single possible combination of letters / numbers / characters until the key is matched.

The larger the key used, the longer this attack will take. This is why most services will request that you choose a strong password with a minimum of 8 characters.

Key strength quantification

It is possible to quantify the strength of a key in relation to how long it will take to crack with a brute force attack.

The number of alternative keys available for a set length key can be determined by calculating 2^(Number of bits. e.g.:

8 bit key = 2^8 alternative keys
16 bit key = 2^16 alternative keys

As you can see, as you increase the number of bits in your key, the number of keys that need to be worked through increases thus increasing the time to crack it.

Non Brute Force Attack
The non brute force attack does not involve simply trying every possible combination of key, instead there are different, more clever methods employed to determine the key.

One of these methods is known as Frequency Analysis. Frequency analysis works on the basis that not all letters are used equally,specifically more letters are used more than others.

It is a fact that the letter 'E' is the most common letter in the English language closely followed by T,A,O,I...

With this knowledge of common letters, people can look at cipher text and try to spot patterns where common or repeated letters may be. If you can determine that every 'c' in the cipher text is meant to be a 't' in the plain text, it offers a great starting point for cracking the entire message.